Updating Access List IP address for dynamic IP Host

Open diginfo opened this issue 2 years ago • 7 comments

As the access list does not allow a hostname and only an IP address, I want to create a cron script that checks whether the IP address has changed for a host, and if so updates the "Access List > Access" IP Address.

I know how to create the script, and how to update the database, but is it just a case of restarting the nginx service or should I call some other command to apply the changed IP address?

sqlite> select * from access_list_client;
sqlite> UPDATE access_list_client SET address = 'xx.xx.xx.xx' where id = 1;

diginfo avatar Sep 02 '22 02:09 diginfo

Also, nginx does not appear to be running under systemctl, so how can I restart and/or reload the system?

diginfo avatar Sep 02 '22 03:09 diginfo

@diginfo you can just use the nginx standard nginx -s reload, you can even cron that from outside docker, for me it's docker exec nginxproxymanager nginx -s reload

the1ts avatar Sep 02 '22 09:09 the1ts

Thanks, so by updating the sqlite database directly as I am, will that then update the nginx config file in /data/nginx/proxy_hosts folder automagically?

diginfo avatar Sep 02 '22 10:09 diginfo

And while I have your attention :-)

https://stackoverflow.com/questions/73576444/nginx-reversed-proxy-requesting-files-above-proxied-folder

Any suggestions?

diginfo avatar Sep 02 '22 11:09 diginfo

@diginfo I don't think so, since even changing an ACL in the GUI doesn't reload nginx currently. Perhaps look at handling the ACL snippet yourself with your script and including that snippet via the custom nginx configuration. This will mean your script updates the ACL snippet with new IPs, removes old IPs, does an nginx -t to check config is good, then reloads nginx. Perhaps you could simply edit the required proxy-host/$number.conf directly, check config and reload? I'm sure there are NPM API calls that could be used for this, but I'm not sure it's documented in v2.

the1ts avatar Sep 02 '22 11:09 the1ts
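
The snippet workflow suggested in the comment above (rewrite the ACL snippet, run nginx -t, then reload), as an added example that is not part of the original thread or of NPM. The snippet path, the idea that the proxy host's custom nginx configuration includes that file, and the use of getent for lookups are assumptions; the container name is the one quoted earlier in the thread.

```shell
#!/bin/sh
# Added example, not NPM code. Snippet path and container name are assumptions.
ACL_FILE="${ACL_FILE:-/data/nginx/custom/dyn_acl.conf}"   # assumed path
NGINX_TEST="${NGINX_TEST:-docker exec nginxproxymanager nginx -t}"
NGINX_RELOAD="${NGINX_RELOAD:-docker exec nginxproxymanager nginx -s reload}"

# Strict dotted-quad check so a DNS answer can never inject nginx directives.
is_ipv4() {
  case "$1" in ''|*[!0-9.]*) return 1 ;; esac   # digits and dots only
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  for octet in $(printf '%s' "$1" | tr '.' ' '); do
    [ "$octet" -le 255 ] || return 1
  done
}

# Print "allow <ip>;" per valid address, then "deny all;".
# Fails with no valid address, so an empty lookup never replaces a good ACL.
render_acl() {
  count=0
  for ip in "$@"; do
    is_ipv4 "$ip" || continue
    printf 'allow %s;\n' "$ip"
    count=$((count + 1))
  done
  [ "$count" -gt 0 ] || return 1
  printf 'deny all;\n'
}

# Install the snippet only when it changed, run the config test, and restore
# the previous file if the test fails. 0 = unchanged or reloaded,
# 1 = no usable address, 2 = config test failed and the change was reverted.
apply_acl() {
  tmp="$ACL_FILE.new"; bak="$ACL_FILE.bak"
  render_acl "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
  if [ -f "$ACL_FILE" ] && cmp -s "$tmp" "$ACL_FILE"; then rm -f "$tmp"; return 0; fi
  rm -f "$bak"; [ -f "$ACL_FILE" ] && cp -p "$ACL_FILE" "$bak"
  mv "$tmp" "$ACL_FILE"
  if ! $NGINX_TEST >/dev/null 2>&1; then
    if [ -f "$bak" ]; then mv "$bak" "$ACL_FILE"; else rm -f "$ACL_FILE"; fi
    return 2
  fi
  $NGINX_RELOAD >/dev/null 2>&1
}

# Cron entry point: update_from_dns <hostname> (getent ahostsv4 is glibc).
update_from_dns() {
  apply_acl $(getent ahostsv4 "$1" | awk '{print $1}' | sort -u)
}
```

Because the snippet is only replaced when the rendered text differs, running this every few minutes from cron reloads nginx only when the address actually changes.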

The original request still stands in my opinion.

Would it be possible to get some kind of functionality for DDNS in the Access List? Since I have to enter my public IP to limit access to my LAN, if it changes I have to go and manually update it.

SkilledAlpaca avatar Sep 20 '22 16:09 SkilledAlpaca

There are already great tools for securing infrastructure like requested: VPNs. I for example use tailscale to enable hiding of many services, not just web. Even if DDNS and ACLs were combined, it still only works for web. And it ignores the fact that many people still have to have port 80 open to allow letsencrypt http authentication, is NPM then supposed to stop ACLs working when letsencrypt is being run? It's starting to fall way outside of a simple tool for proxying and SSL cert creation that NPM is designed to be. Perhaps having run and secured some of the largest websites in the world, I'm not as concerned by looking at unknown IPs in my access logs as some are.

the1ts avatar Sep 20 '22 20:09 the1ts

Many people want to limit their services to local IP ranges, but the current ACL cannot do that. Solution: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/1708#issuecomment-1537533615

Can we have that code merged in?

efnats avatar Jul 29 '23 09:07 efnats

Issue is now considered stale. If you want to keep it open, please comment :+1:

github-actions[bot] avatar Feb 10 '24 01:02 github-actions[bot]

Please merge #3364 to close this issue.

virtualdj avatar Feb 10 '24 07:02 virtualdj